How medical diagnostics can help react to hybrid threats

Christopher Kremidas Courtney is US European Command Liaison to NATO and EU

Hybrid warfare is broadly defined as a combination of measures employed in a coordinated manner to achieve specific objectives while remaining below the threshold of formally declared warfare. The measures can be conventional and unconventional, overt and covert, military, political, diplomatic, economic, cyber and disinformation.

In December 2015, NATO adopted a Hybrid Warfare Strategy, and a few months later the European Union adopted its Joint Framework for Addressing Hybrid Threats. Both documents called for working in conjunction with a variety of actors in order to improve resilience, security and continuity of governance in the face of hybrid threats. They also called for greater NATO-EU cooperation in addressing hybrid threats, and both organisations agreed on a number of areas where they can focus their cooperative efforts.

Within both NATO and the EU, there is a general agreement on four steps to address hybrid threats: detection, attribution, response, and recovery.

Detection refers to the ability to detect a hostile state action (HSA) in time to react and minimise any potential damage. Attribution, a more complex follow-on, is the ability to attribute an HSA to a specific actor and to differentiate it from an accident, system failure or human error.

In recent years, military, police and academic experts have begun to look at cities and nations as living organisms

Response, which depends greatly on accurate, timely and credible attribution for sound decision making, means changing a security posture or retaliating against the actor to which the HSA is attributed – in accordance with existing just-war ethics. Recovery is the ability to restore functionality to the systems, capabilities and societal coherence that were attacked in the HSA.

The effectiveness of NATO, the EU and their allies and member states to collectively and individually be effective in these four steps contributes greatly to their ability to deter hybrid threats.

Perhaps surprisingly, they can learn from the medical community, as it works with extremely small margins for error and under extreme time pressure. By taking a diagnostic approach to detecting and attributing hybrid threats, the EU and NATO can reduce gaps, seams, and vulnerabilities in their common approach to detection and attribution, while meeting short suspense times to inform decision makers.

In recent years, military, police and academic experts have sought to understand the challenges of peacekeeping and counterinsurgency in cities. They have begun to look at cities and nations as living organisms with their own “metabolic flows” of trade, communications, people and goods, as well as their own energy. Building from this approach and looking at a nation or group of nations as a human body, we can apply a medical diagnostic approach to the detection and attribution steps of addressing hybrid threats.

Detection begins with the nervous system. In the human body, the central nervous system is responsible for integrating sensory information and informing appropriate responses to the inputs from its various sensors. To varying degrees, states and groups of states have their own nervous systems.

All too often, however, these systems are neither connected nor monitored as a whole, and common trends are not studied in the near term. Thus, a first step in any approach to being able to detect HSAs is the establishment of a system or process that resembles a human nervous system. It must be sensitive and rapid enough for early detection to enable protective decision making by the appropriate authorities.

However, unlike the human nervous system, a nervous system to detect HSAs must also be able to monitor and detect threats to a state or society’s most vital organs. These organs could include public trust in government, continuity of government, emergency services, water, societal cohesion, sanitation and waste disposal, food supply, communications, transportation, energy and medical support.

Given the sensitivity over issues such as sovereignty and information, any such system or process would be a confederation of systems and inputs. These would interact with degrees of sharing that vary according to the situation. Whatever the agreed process ends up being, it will not work with a “one-size-fits-all” framework. Rather, it should be based on the voluntary collaboration of nations, international organisations, think-tanks, universities and private entities.

Attribution requires a diagnosis of what was detected by the nervous system. A simple alert from a sensor system is seldom enough for credible attribution, except in certain cyber cases. So qualitative analysis of symptoms and trends, as well as the resulting alerts, bulletins and predictive analysis, is necessary in order to inform and update national and international organisational authorities. They can then make decisions on response, recovery, protective posture and resource allocation.

For attribution, the contributions of academia, think-tanks, private sector experts, and government analysts are crucial to producing near-term studies and dynamic depictions of hybrid trends and methods. They are also needed to provide feedback to improve the sensors within the “nervous system” to detect HSAs earlier and more accurately.

Countering hybrid threats also comes with some special challenges that medicine does not face

Of course, in order to diagnose a detected incident, we need to understand benchmark stable norms for the state or group of states in question. We can then judge whether it is an HSA; a non-state or local actor engaged in illicit activity; organic internal unrest; or just an accident or system failure.

Countering hybrid threats also comes with some special challenges that medicine does not face, such as the need for diagnosed vulnerabilities to be kept confidential. However, in emergency situations this confidentiality is not the main concern. Having the pathways and means to work together and share situational awareness, without being preoccupied with national or organisational primacy, can contribute greatly to our ability to be complementary and mutually reinforcing in addressing hybrid threats.

By taking a nervous-system approach to detecting hybrid threats, we can figure out how to leverage information from existing sensor systems and identify gaps and seams in these and our reporting processes. With this information, we can take steps to rectify them.

By taking a diagnostic approach to attribution, we can apply information from the “nervous system” to a rigorous and rapid qualitative process of analysis and trend mapping. This will provide the best information to inform decision makers deciding on response and recovery efforts.

The views presented in this paper represent the author’s personal findings and do not represent the official views or policy of EUCOM or the United States government.